
Desktop Hijack,,Can you Help Me?[RESOLVED]


  • This topic is locked

#16
Kat


  • Retired Staff
  • 19,711 posts
  • MVP
Ok, here we go! Take a deep breath before you read all of this, ok? DON’T panic on me! We can do this!! :tazz: I promise! This is a VERY nasty infection…several different infections, actually. But we CAN clean you up!

You need to either print these instructions, or save
them to Notepad on your desktop. Most of the fix will be done in Safe
mode, and you will need access to the information for reference. Take your
time, do the steps in order.

1. A malicious .DLL file is disrupting the LSP chain on your
computer. We need to get rid of it.

1. Please download LSPFix from
here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of
flsmngr.dll
5. Select every instance of flsmngr.dll and move each one to the
Remove box by clicking the >> button.
6. When you are done click Finish>>.

2. Please download the attachment smitfraud.zip. (found as an attachment to this post at the bottom of my reply) Save it to
your desktop. Now right click the zip and extract the smitfraud folder to your desktop. Do not open or use it yet, we will use it later.

3. Please download the attachment delfiles.zip. (found as an attachment to this post at the bottom of my reply) Save it to
your desktop. Now right click the zip and extract the delfiles.bat to your desktop. Do not open or use it yet, we will use it later.

4. Download CWShredder Here. Don’t do anything with it yet other than save it on your computer. We will use this program later.


5. Copy the contents of the code box below to a blank notepad.
Make sure the formatting remains the same. Close it, saving to your
desktop as;

File name: HKCUrun.reg
Save as type: All Files

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AOLCC"="\"C:\\PROGRA~1\\AOLCOM~1\\ACCAgnt.exe\" /startup"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0f\\AOL.EXE\" -b"

6. Uninstall the following programs (if present) by going to
Start>Control Panel>Add and Remove Programs:

FLN (or Flash Enhancer)
Websearch (or Web Rebates)
Ebates_Moe Money Maker
DyFuca
180 Solutions (or 180 Search Assistant)
Altnet
BPT
My Way (or MyBar)



7. Reboot into Safe Mode by repeatedly tapping the F8 key as
your computer begins to Boot. You will be given an option to enter Safe
Mode. Log on to your user account.

8. Configure Windows Explorer to view hidden files as well as system files and extensions for known file
types.


9. Delete the following files and folders in bold if present:

wmesd10n.exe <<< do a search for this one

C:\Windows\CaseyVideo[1].scr
C:\Program Files\180searchassistant
C:\Program Files\Bpt
C:\Program Files\CxtPls
C:\Program Files\FLN
C:\Program Files\Websearch
C:\Program Files\Ebates_MoeMoneyMaker


10. Double click the delfiles.bat file on your desktop to
run it.

11. Double click the HKCUrun.reg file on your desktop and
allow it to merge into the registry.

12. Open the smitfraud folder and double click the
RunThis.bat file to start the tool. Follow the prompts.

13. Locate CWShredder, and double click it to open.
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

14. Open My Computer, right click Local disk C: and choose
properties, then disk cleanup. Check all boxes except compress old files
and click OK.

15. Please re-open HiJackThis and scan. Check the boxes next
to all the entries listed below (IF still present).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivese.../sidesearch.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {D6CA5D91-5EA2-4654-9B75-499267012611} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {D053DA56-78BE-44AA-8E83-A47036CF2AFF} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) - {952EC978-4920-4F18-8237-91D69B54C580} - (no file)
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Agent WebControl] C:\WINDOWS\system32\key0bdhe.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [v37O37g] wmesd10n.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{1F657AF6-CD2A-4057-AE15-52AFAD156E25}\SVCHOST.EXE
O4 - HKCU\..\Run: [CaseyVideo[1]] c:\windows\CaseyVideo[1].scr
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\websearch\System\Temp\topr1150_script0.htm
O9 - Extra button: Microsoft AntiSpyware helper - {642C3672-7AB2-4938-A43C-A73004A7CC80} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {642C3672-7AB2-4938-A43C-A73004A7CC80} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/website.ocx
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\system32\ahtun.exe

**Also, IF any of the RANDOM O4 (HKCU) entries still appear, check those as well.

Now close all windows other than HiJackThis, then click Fix Checked.

16. Now click the config button, then misc tools. Click the Delete an NT Service button, then type or paste in KDE and click OK.
Click Delete an NT Service again and type or paste in LAGOS and click OK. Close HijackThis.

17. Restart your computer back into Windows. See if you can now update
Spybot and Ad-aware. Run full scans if successful, removing everything they
find.

18. Run an online virus scan with
TrendMicro. Post the results of the scan.

19. Run a new HijackThis scan and post the log.

20. Please check the properties of this file for company, version info, etc
and let me know what you find. C:\Program Files\Common
Files\Java\flncpy.exe
  • 0



#17
FrankSweetMusic

  • Topic Starter
  • Member
  • 15 posts
HI Kat,,,I replied to this last nite,,,but I guess it didn't take,,,,

here is my HiJack This Log....i couldn't get rid of Lagos and KDE,,,,,,,an error message said it was running,,even after i deleted from the HiJackthis Config function,,,,,,, Microtend.com wouldn't download for me either,,it quits after 10% (and the link u gave me sent me to Mircotrend,com)

I have deleted all Kazaa,,Imesh,,Napster ([bleep] kids,,LOL) but i know their programs still exist on my computer,,any ideas on how to get rid of that???


the fln.exe didn't have any properties,,,,but the flncpy.cfg did,,it is Microsoft Office Outlook,,,,XML Extender,,,Product Version 2,0,0,22,,original name of file is XML.DLL,,I hope that helps...i got my programs working again yah!!!! but i still have that black background warning on my desktop warning me that my computer is infected with spyware,,the good news is that i don't get redirected to w-find,com any more on IE


Once again,,thanx for your help,,I know I'm not out of the woods,,,,,but at least i can see light thru the trees,,lol

Logfile of HijackThis v1.99.1
Scan saved at 7:02:34 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\America Online 9.0f\waol.exe
C:\Program Files\America Online 9.0f\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0f\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Terminal Connection - {E72E8062-5F69-4ADE-B0D4-DFC3492F95B3} - C:\WINDOWS\system32\spood532.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\system32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#18
Kat


  • Retired Staff
  • 19,711 posts
  • MVP
WAY TO GO!!!! We're almost there!!!!

1. Reboot into safe mode first!

2. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O21 - SSODL: Terminal Connection - {E72E8062-5F69-4ADE-B0D4-DFC3492F95B3} - C:\WINDOWS\system32\spood532.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode again.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

Advanced Searchbar

Please note any other programs that you don't recognize in that list in your next response.

After that, Reboot.

3. Go here:

Display fix

Copy the text and paste it into Notepad. Save As, and call it display.reg

Once saved to a place you can easily find (Desktop is my favourite) double click and choose YES

If any anti malware programme alerts you to the change, please allow it.

4. Let me know if you can now go into your desktop properties and set your background. Also post a fresh HJT log here for me to see. If you would, please run a full scan with MWav, and post me ONLY the log of any Malware it finds (IF any!!)
  • 0

#19
FrankSweetMusic

  • Topic Starter
  • Member
  • 15 posts
hi kat,,,i have the logs on notepad, but for some reason when I go to paste them,,,,my system locks up with an hour glass,,and it says the site isn't responding,,is that a problem on my end or yours????? I will keep trying,,,,,,,,,,, :tazz:



Thanx again Kat ;)
  • 0

#20
FrankSweetMusic

  • Topic Starter
  • Member
  • 15 posts
Well,,At Least the HijackThis Log Pasted


Logfile of HijackThis v1.99.1
Scan saved at 6:03:31 PM, on 5/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\system32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
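
Added example, not part of the original thread and not code from HijackThis or from any poster: a small parser that compares two HijackThis scans and lists what the fix removed and which entries still point at missing files. The sample input is a subset of lines copied from the 5/17 and 5/18 logs above; the function names and the triage rules are assumptions made for this illustration.

```python
import re
from collections import namedtuple

# Excerpts of the 5/17 and 5/18 HijackThis logs posted in this thread
# (a subset of lines, copied verbatim; the rest is left out for brevity).
SCAN_0517 = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:02:34 PM, on 5/17/2005
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O21 - SSODL: Terminal Connection - {E72E8062-5F69-4ADE-B0D4-DFC3492F95B3} - C:\WINDOWS\system32\spood532.dll (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\system32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""
SCAN_0518 = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:03:31 PM, on 5/18/2005
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\system32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

Entry = namedtuple("Entry", "code raw missing service owner")

# "R1 - ...", "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O23 body: "Service: <display name> (<short name>) - <owner> - <path>".
# The short name in parentheses is optional (the ewido lines have none).
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")


def parse_log(text):
    """Return one Entry per log line that carries a section code.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        service = owner = None
        if code == "O23":
            s = SERVICE_RE.match(body)
            if s:
                service = s.group("name") or s.group("display")
                owner = s.group("owner")
        entries.append(
            Entry(code, line, bool(MISSING_RE.search(body)), service, owner))
    return entries


def triage(entries):
    """Pair each entry worth a second look with the reasons it was picked."""
    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("registered target is not on disk")
        if e.code == "O23" and e.owner == "Unknown owner":
            reasons.append("service has no owner shown in the log")
        if reasons:
            findings.append((e, reasons))
    return findings


def leftover_services(entries):
    """Short names of services whose binary is gone but whose entry remains."""
    return [e.service for e in entries
            if e.code == "O23" and e.missing and e.owner == "Unknown owner"]


def diff_scans(before, after):
    """Entries present only in the earlier scan, and only in the later one."""
    before_raw = {e.raw for e in before}
    after_raw = {e.raw for e in after}
    removed = [e for e in before if e.raw not in after_raw]
    added = [e for e in after if e.raw not in before_raw]
    return removed, added


if __name__ == "__main__":
    old, new = parse_log(SCAN_0517), parse_log(SCAN_0518)
    removed, added = diff_scans(old, new)
    for e in removed:
        print("removed:", e.raw)
    for e in added:
        print("added:  ", e.raw)
    print("services still registered without a file:", leftover_services(new))
```

The short names it reports for the 5/18 scan are the values in parentheses on the O23 lines, which are the names typed into HijackThis's "Delete an NT service" box elsewhere in this thread.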

#21
Kat


  • Retired Staff
  • 19,711 posts
  • MVP
YES!!!!!!!!! High 5's all around!!! We've about got you done, Frank!!!

Click on Start>Run and type services.msc then click ok. Locate the following service names, right click on them and choose properties. If they are running, stop them..set them to disabled. Click Apply, then Ok.

AutoComplete Service
Loading Outpost Connections
Debug oupost relations

Now, open HJT and click the "Open Misc Tools section".
Click on "Delete an NT service" and enter the first name above, "Autocomplete" (without the quotes), and click OK.
Do the same for these other two, then reboot your computer.


KDE
LAGOS

Since you are having trouble pasting me the MWav log, try this:
click in the lower pane then press Ctrl+A, Ctrl+C then Ctrl+V in a reply. If that doesn't work, copy it to notepad or word pad, save and close, then re-open and try again.

If you can copy it but just can't paste it here...let me know. I can pm you my email address, and you can send it that way.


How is everything else running now? Is your desktop back?? Give me any details you can on how the system is running, so we can make sure to get you put back into tip top shape! :tazz: Are you getting the popups still?

Edited by ~Kat~, 18 May 2005 - 06:37 PM.

  • 0

#22
FrankSweetMusic

  • Topic Starter
  • Member
  • 15 posts
hi spyware kicking Kat,,LOL


the file I was trying to copy was too large,,that's why i had problems,,I will run another mwav on the overnite 2nite :tazz: and post u the log with Virus only

No more pop ups,,,got my back ground and homepage back ;)

u are the best,,,,after i post the mwav and hijack this ,,,, i am gonna ask you for your professional opinion,,,what type of protection do I need to avoid this in the future,,,,,,,,,,,, I'll post this in the morning,,u are the best!!!


Frank
  • 0

#23
FrankSweetMusic

  • Topic Starter
  • Member
  • 15 posts
HIII KAT

here is the logs ;)

you guys are the best,,,especially the spyware kicking blonde LOL :tazz:

thank u very very much,,,

Do you think I should buy the mwav program to clean the 300+ viruses it says I have,,or maybe another program??? Currently I am running Ewido and Microsoft Anti Spyware programs,,I still have ADAWARE and SpyBot,,,,,and all those other programs you told me to download are in my c drive ;)

Thanks again

Frank



File System Found infected by "Grokster Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Grokster Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Grokster Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Quicken Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mysearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "kazaa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "GrokSter Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Claria Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\jcssaaaa.exe9887.tcf infected by "Trojan-Dropper.Win32.Agent.ka" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\srpcsrv32.dll3866.tcf infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\taskmg.exe5213.tcf infected by "Trojan.Win32.Hpt.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\txfdb32.dll5692.tcf infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\vqwaaaaa.exe6646.tcf infected by "Trojan-Dropper.Win32.Agent.ii" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Aaron's\LOCALS~1\Temp\~vis0001\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Aaron's\Local Settings\Temp\~vis0001\rebootnt.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comp02.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\updateni_setup90\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\LxkX63\Scan\setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\LxkX63\Scan\SETUPX63PART2.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0b\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0c\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0d\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0e\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0f\backup\restore\comp02.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0f\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\LexmarkX63\RemoveX63.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\LexmarkX63\X63Twain.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000026.exe.tcf infected by "Trojan-Dropper.Win32.Agent.ka" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011331.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011332.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011334.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011335.exe infected by "Backdoor.Win32.PPdoor.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011336.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011338.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011339.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011340.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011341.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011342.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011344.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011345.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011346.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011348.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011349.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011350.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011352.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011353.exe infected by "Trojan-PSW.Win32.VB.cc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011354.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011356.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011357.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011358.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011359.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011360.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011361.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011362.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011363.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011364.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011365.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011366.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011367.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011369.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011370.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011371.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011372.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011373.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011376.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011377.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011378.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011380.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011381.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011382.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011385.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011386.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011387.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011390.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011391.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011392.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011395.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011396.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011397.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011400.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011401.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011402.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011404.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011405.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011406.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011413.exe infected by "Trojan-Dropper.Win32.Small.ue" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0021673.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\SYSTEM32\jcssaaaa.exe9887.tcf infected by "Trojan-Dropper.Win32.Agent.ka" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\srpcsrv32.dll3866.tcf infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\taskmg.exe5213.tcf infected by "Trojan.Win32.Hpt.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\txfdb32.dll5692.tcf infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\vqwaaaaa.exe6646.tcf infected by "Trojan-Dropper.Win32.Agent.ii" Virus. Action Taken: No Action Taken.

Logfile of HijackThis v1.99.1
Scan saved at 8:06:25 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Yahoo&
  • 0

#24
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
We're almost there, Frank!! :tazz:

1. Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINDOWS\SYSTEM32\jcssaaaa.exe9887.tcf
    C:\WINDOWS\SYSTEM32\srpcsrv32.dll3866.tcf
    C:\WINDOWS\SYSTEM32\taskmg.exe5213.tcf
    C:\WINDOWS\SYSTEM32\txfdb32.dll5692.tcf
    C:\WINDOWS\SYSTEM32\vqwaaaaa.exe6646.tcf
  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
2. Let's get you a clean restore point!
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405


3. Please download CleanUp! and run it to remove any leftover remnants of infection. Click the CleanUp button, and let it scan and select any files it needs to remove. Once it is done, exit the program.

4. Clean out your prefetch: Go to C:\Windows\Prefetch and delete everything here. Then reboot.

5. Ok, now. We have GOT to get you protected!! Personally, I don't recommend the MWav to use as your normal everyday anti virus. Download the free trial of eTrust and try it out. I think you'll really like it. If, when the free trial is up, you wish to not purchase it..then I recommend AVG from Grisoft for a good free AV. Also, I really want you to get a decent firewall. Do NOT use the one from Microsoft. It really isn't that good. A great free, easy to use, firewall is ZoneAlarm from ZoneLabs.

eTrust!

ZoneAlarm!

6. After you've done all this, I would like to see a last HJT log please!! Be sure to copy/paste the entire log ok?? I want to check one last time and make sure we've gotten everything!! Also, before you give me the HJT log, go ahead and install eTrust and run it. Let me know what/if it finds, if anything...and ESPECIALLY if there was anything that couldn't be cleaned!! ;)
  • 0
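The two cleanup steps in the post above act on different parts of the scanner log: the live files under C:\WINDOWS\SYSTEM32 go to Killbox, while the copies under System Volume Information\_restore{...} are cleared by resetting System Restore. The Python below is an added example, not part of the original thread or of any tool named in it, that splits such a log along that line; the line format is inferred from the log lines posted in the thread, and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Subset of the scanner lines posted in this thread, plus one constructed
# line that is not in the scanner's format, to exercise the fallback path.
SAMPLE_LOG = r'''
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011307.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011308.exe infected by "Trojan.Win32.StartPage.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011335.exe infected by "Backdoor.Win32.PPdoor.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0011369.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0021673.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\SYSTEM32\jcssaaaa.exe9887.tcf infected by "Trojan-Dropper.Win32.Agent.ka" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\srpcsrv32.dll3866.tcf infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\taskmg.exe5213.tcf infected by "Trojan.Win32.Hpt.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\txfdb32.dll5692.tcf infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\vqwaaaaa.exe6646.tcf infected by "Trojan-Dropper.Win32.Agent.ii" Virus. Action Taken: No Action Taken.
scanner banner line (constructed, not in the detection format)
'''

# Two line shapes appear in the posted log: 'infected by "<name>" Virus.'
# and 'tagged as <name>.' (the not-a-virus entries).
LINE_RE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:infected by "(?P<virus>[^"]+)" Virus\. Action Taken: (?P<action>.+?)\.'
    r'|tagged as (?P<tag>\S+?)\. (?P<action2>.+?)\.)$'
)

# System Restore keeps its copies under _restore{GUID}\RPn\ on Windows XP.
RESTORE_RE = re.compile(
    r'\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\',
    re.IGNORECASE,
)


def parse_line(line):
    """Return {'path', 'name', 'action'} for a detection line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "path": m.group("path"),
        "name": m.group("virus") or m.group("tag"),
        "action": m.group("action") or m.group("action2"),
    }


def triage(log_text):
    """Split detections into live files and System Restore copies."""
    live = []                       # (path, detection name), in log order
    restore = defaultdict(Counter)  # restore point -> detection name -> count
    unparsed = []                   # lines that did not match either shape
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        rp = RESTORE_RE.search(rec["path"])
        if rp:
            restore[rp.group(1).upper()][rec["name"]] += 1
        else:
            live.append((rec["path"], rec["name"]))
    return {
        "live": live,
        "restore": {k: dict(v) for k, v in restore.items()},
        "unparsed": unparsed,
    }


def report(result):
    """Render the triage result as text for the person doing the cleanup."""
    out = ["Live files (delete individually):"]
    out += [f"  {path}  [{name}]" for path, name in result["live"]]
    out.append("System Restore copies (cleared by resetting restore points):")
    for rp in sorted(result["restore"]):
        for name, count in sorted(result["restore"][rp].items()):
            out.append(f"  {rp}: {count} x {name}")
    if result["unparsed"]:
        out.append(f"Unparsed lines: {len(result['unparsed'])}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Lines that match neither shape are kept in `unparsed` rather than dropped, so a change in the scanner's output format shows up in the report instead of silently hiding detections.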

#25
FrankSweetMusic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Spyware kickin' blonde,,,,,,,,,,,,,,,,

here are my logs??? does that mean i am 100% clean???wooohooooo!!! can i marry you???LOL

Thanxxxxxxxxxxx FOR ALL YOUR HELP

YOU AND THE STAFF ARE THE BEST!!!!!!!!!!


Logfile of HijackThis v1.99.1
Scan saved at 12:14:20 PM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Started scanning at 5/20/2005 10:42:28 PM. Engine Ver: 11.7.0. Sig Ver:9148. Sig Date: 5/20/2005.
C:\Documents and Settings\Aaron's\ntuser.dat - scan failed.
C:\Documents and Settings\Aaron's\ntuser.dat.LOG - scan failed.
C:\Documents and Settings\Aaron's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - scan failed.
C:\Documents and Settings\Aaron's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - scan failed.
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock - scan failed.
C:\Documents and Settings\LocalService\NTUSER.DAT - scan failed.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - scan failed.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - scan failed.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - scan failed.
C:\Documents and Settings\NetworkService\NTUSER.DAT - scan failed.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - scan failed.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - scan failed.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 - scan failed.
C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 - scan failed.
C:\System Volume Information\catalog.wci\CiCL0001.000 - scan failed.
C:\System Volume Information\catalog.wci\CiP10000.000 - scan failed.
C:\System Volume Information\catalog.wci\CiP20000.000 - scan failed.
C:\System Volume Information\catalog.wci\CiPT0000.000 - scan failed.
C:\System Volume Information\catalog.wci\CiSL0001.000 - scan failed.
C:\System Volume Information\catalog.wci\CiSP0000.000 - scan failed.
C:\System Volume Information\catalog.wci\CiST0000.000 - scan failed.
C:\System Volume Information\catalog.wci\CiVP0000.000 - scan failed.
C:\System Volume Information\catalog.wci\INDEX.000 - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SAM - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM - scan failed.
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG - scan failed.
C:\WINDOWS\temp\ZLT07632.TMP - scan failed.
Finished scanning at 5/20/2005 11:41:22 PM.
  • 0


#26
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
:tazz: No, I can't marry you. I'm already very happily taken!! ;) I appreciate all the compliments though. MANY Kudos to you for hanging in there, and following directions!!

YES YOUR SYSTEM IS NOW 100% CLEAN!!!!!

Congratulations! Your log is now clean! :)
Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.


Good luck to you! Be sure to come back and visit us if you ever have trouble again! ;)
  • 0

#27
FrankSweetMusic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
thank you soo very very much KAT,,I

I read your site homepage,,,,You are an inspiration to a lot of people,,I am very glad things are going very well for you :tazz:

I'm going to Vegas at the end of June,,I'll have to ask someone else to marry <<LOL......

I've told everyone about this site,,you guys are the best

Thank you soo soo very much

Frank
  • 0

#28
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
;) Thank you so much for your kind words. It was a pleasure working with you. I learned a LOT during the past few days working up your fix!! :tazz:
  • 0

#29
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





